Protecting Your Business When Employees Leave

Greg Wilson, Head of Information Security
October 10, 2018

While it’s always important to take a variety of measures to ensure you are protecting your company from data breaches, this prevention becomes even more imperative when employees who were privy to secure information leave the company.

In order to protect your business, your employees and your clients, appropriate precautions should be followed. The departures of even the friendliest individuals should be treated the same as the departures of those who left disgruntled, as it’s best to treat all instances with safety of people and information top of mind.

The Federal Communications Commission suggests creating a security checklist for when employees leave the company, regardless of their reasons for leaving. It also recommends providing security training for all employees that will help them further understand your security measures and what potential threats to your business could exist.1

Safe Practices to Help Prevent Security Breaches After an Employee Leaves

  • Disable or change all network passwords, alarm codes and security codes to which the individual had access.
  • Remove the individual’s access to all social media accounts.
  • Deactivate the individual’s company email account(s) and any remote access he or she has.
  • Reprogram the individual’s voicemail to reflect that he or she has left the company, and provide information regarding whom should be contacted for assistance.
  • Notify appropriate parties (such as building security) so that they are aware the individual no longer works at your company.
  • If you work in a smaller office, change all locks.

Prior to the individual leaving, the company should determine whether if he or she will stay for a specified amount of time or be escorted directly off of the premises. If the individual will remain for a period of time, he or she should be monitored closely, particularly in regard to data transfers and emails being sent. It’s necessary to ensure the individual is not transferring documents or personal emails, as these could contain information that should not leave the company systems.

If the individual will leave the property immediately, another staff member should shadow the employee to collect personal items from his or her desk before escorting the individual out of the building to ensure no emails or items from the computer are accessed or deleted during this time period.

During the individual’s exit interview, all confidentiality requirements should be reviewed, and before he or she leaves, all information technology devices must be collected, and all company-specific apps must be disabled from his or her personal devices. For example, if an employee has a phone with email access, that access needs to be terminated, and all laptops, portable storage devices, phone cards, building access devices and company credit cards need to be returned to the company as well.

Additionally, make sure to collect any gate passes, parking tags, physical keys and ID cards to the building from the individual.

Most security breaches occur within the first two weeks of an employee’s termination or resignation, creating the necessity to take extra safety precautions during that time period. Regardless of whether or not the end of employment is friendly or hostile, it’s best to err on the side of caution. Information breaches can occur in any business, but you can be proactive in your efforts to help ensure yours is as safe as possible.

What Do Investors Really Want?

Learn surprising insights about the current state of professional financial advice with an exclusive report.